Samsung Mobile Samsung Pay vulnerabilities

CVE-2022-36871 [MEDIUM] CWE-285 CVE-2022-36871: Pending Intent hijacking vulnerability in NotiCenterUtils in Samsung Pay prior to version 5.0.63 for Pending Intent hijacking vulnerability in NotiCenterUtils in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent.

CVE-2022-36870 [MEDIUM] CWE-285 CVE-2022-36870: Pending Intent hijacking vulnerability in MTransferNotificationManager in Samsung Pay prior to versi Pending Intent hijacking vulnerability in MTransferNotificationManager in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent.

CVE-2022-36872 [MEDIUM] CWE-285 CVE-2022-36872: Pending Intent hijacking vulnerability in SpayNotification in Samsung Pay prior to version 5.0.63 fo Pending Intent hijacking vulnerability in SpayNotification in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent.

CVE-2021-25525 [MEDIUM] CWE-703 CVE-2021-25525: Improper check or handling of exception conditions vulnerability in Samsung Pay (US only) prior to v Improper check or handling of exception conditions vulnerability in Samsung Pay (US only) prior to version 4.0.65 allows attacker to use NFC without user recognition.

CVE-2021-25527 [LOW] CWE-926 CVE-2021-25527: Improper export of Android application components vulnerability in Samsung Pay (India only) prior to Improper export of Android application components vulnerability in Samsung Pay (India only) prior to version 4.1.77 allows attacker to access Bill Pay and Recharge menu without authentication.